eHealth Technologies Blog: Ben Betzer, Vice President of Business Development

How high is protecting your patients’ PHI on your list of priorities? If you’re like most clients we work with, this is a key operational focus for you.

Every day your department schedules, prepares for, and conducts visits with patients from outside your health system. The management of these patients is critical to your patient’s health, the success of your programs and your organization as a whole. Ensuring that you have a secure, streamlined process to acquire and incorporate the medical records and images that make up each patient’s medical history is a key part of that success.

According to HIPAA Journal, there was an average of 42.5 breaches per day in the US in 2019. Approximately 29% of data breaches were classed as unauthorized access/disclosure incidents.

Medical Professional with TabletThe question department leaders need to be asking is – are we at risk for a HIPAA breach under our current record retrieval and input process?

Secure record management and the peace of mind that comes with it is one of the most overlooked benefits of working with eHealth Technologies. Our processes and record delivery methods bring a level of protection and safety for PHI that is not achievable when records are faxed, scanned, and uploaded into an EMR.

Here are the top areas of potential breeches healthcare leaders should watch for:

1.  Are requested records being sent via traditional fax machine? If so – you need to be aware of where this fax machine is placed. If it’s in an open area where multiple team members have access, incoming records can easily be removed, misplaced, or viewed by team members who should not have access to PHI. Department heads should consider removing this variable in the equation.

eHealth Technologies delivers requested records electronically. Users can either download files from our portal, or records can be delivered directly into your EMR.

2. Do you often receive additional records and reports that you did not request? If that’s the case your team must have a way to manage what we refer to as “non-requested” records. Once they are in your possession it’s your responsibility to ensure the clinical review and security of the medical documents.

When organizing records, eHealth Technologies separates out “non-requested” records and provides them in a separate file when records are delivered. This has two distinct advantages: first, only records that are needed for assessment are transferred into your EMR and second, clinical teams do not have to waste time wading through records that are not relevant (e.g. old labs, hospital orders, duplicates, etc.)

3. How are outside records put into the EMR? If they are manually uploaded into the EMR there are multiple steps in the process when medical records can be placed into the wrong patient’s electronic chart.

With eHealth Technologies’ direct delivery of records into the EMR, you eliminate extra manual steps that can lead to mislabeling/compiling/organizing of records. Our ability to receive patient demographics directly from your scheduling system, eliminates manual input errors.  This accurate patient information automatically follows the records all the way through to record delivery back into your EMR.  All reports received also go through a triple-step QA process that includes both manual and electronic mechanisms to ensure the accuracy of patient identification.

These areas are where departments can be the most vulnerable for the mishandling of medical records needed to prepare for a referred patient’s initial evaluation. Even with the best of intentions, training, and attention to detail, mistakes and accidents can happen. Eliminating the points in your process that are highest risk is a great first step in proactively protecting your patient’s PHI and ensuring your department does not become a PHI breach statistic.